How Ransomware Attacks Impact the Manufacturing Industry

As companies digitize operations and take advantage of software, they need to ensure that their data remains secure. The manufacturing sector has become an especially common target for ransomware attacks. To protect their data and avoid costly slowdowns, more of these companies are starting to make cybersecurity a top priority.

Ransomware is a special type of malware that locks data until a ransom has been paid. By using sophisticated attack methods, bad actors can encrypt your data and dangle the decryption key as a reward for paying the ransom. This insidious practice is as costly as it is infuriating. Not only are the ransoms often astronomical, but a company’s operations often grind to a standstill as long as the attack lasts. For most institutions, the sudden drop in revenue proves devastating.

In recent years, ransomware attacks have become frequent and severe. The onslaught has concentrated on the manufacturing sector, with producers providing easy targets for bad actors. If you’re operating within this industry, then it’s vital to recognize the latest trends and defend yourself accordingly.

Attacks take a variety of forms. In many cases, a criminal organization strikes out at a company’s data. In others, a state-aligned actor seeks to steal corporate secrets to further national interests. Sometimes, company insiders filch data to sell it on the illegal market.

When threats like this abound, a proactive approach is necessary. Luckily, you can do a lot to protect your company. By shoring up your email security, backing up your data, and instilling best practices throughout your operation, you can successfully protect your organization from cyberattacks.

Why Is the Manufacturing Sector a Top Target?

While no industry is safe from ransomware attacks, the manufacturing sector has been hit especially hard. According to an NTT report released in May 2021, attacks on the industry had increased by 300% in the previous year. Once the eighth most frequently targeted sector, it is now the most attacked industry. With the assaults coming thick and fast, manufacturers need to beef up their cybersecurity systems before it’s too late.

There are two main reasons why the sector has seen such a rise in cybercrime:

  • A wide attack surface area (When cybersecurity experts talk about surface area, they’re referring to the places within a system where criminals can attack. A factory uses all sorts of specialized equipment, and much of it is managed by software.)
  • Limited security workforces (The pandemic stretched IT workforces to the limit, and companies can barely keep pace with the criminals’ evolving tactics. With vast computer systems protected by subpar security measures, factories have become easy targets for bad actors.)

Significant Ransomware Attacks on Manufacturing

According to Morphisec’s 2021 Manufacturing Cybersecurity Threat Index, one in five British and American companies within the industry suffered an attack during the course of the year. This astounding statistic shows just how serious the threat has become. Cybercriminals are always happy to take advantage of weaknesses, and they’ve identified factories as vulnerable targets.

To understand how these crimes unfold, it’s helpful to analyze specific cases. A few recent attacks demonstrate that even the biggest companies can become victims. In each of the incidents outlined below, a criminal organization succeeded in locking or extracting a company’s data. Either by publishing sensitive information or bringing operations to a halt, each assault had a truly disastrous effect.

LockerGoga Ransomware Attack on Norsk Hydro

In 2019, a Norwegian aluminum manufacturer suffered a digital assault. With over 35,000 employees operating in 40 countries, Norsk Hydro is one of the biggest players in the global aluminum industry. By infecting the company’s system with LockerGaga ransomware, criminals managed to paralyze operations for about a week. In total, the incident cost the company over $38 million.

The Norsk Hydro infiltration shows how devastating a cyberattack can become. For the sake of safety, the enterprise had to pull the plug on over 22,000 separate devices, some of which weren’t even infected. With many of the firm’s computers offline, production couldn't continue as usual.

DoppelPaymer Ransomware Attack on Visser Precision

In 2020, Visser Precision suffered a massive DoppelPaymer cyberattack. First observed in April 2019, this particular type of malware works by encrypting data to cut off access. Since its creation, it has become a major tool for digital criminals around the world.

The aerospace precision parts manufacturer has private dealings with many major firms and agencies, including Tesla, SpaceX and General Dynamics, and this preponderance of sensitive information attracted criminals’ attention. The hackers published important company documents on their website, including nondisclosure agreements. This dastardly act was meant to intimidate the company into paying the ransom. It remains unclear whether the ransom was ever actually paid.

$50M REvil Ransomware Attack on Acer

In 2021, the technology manufacturer Acer suffered a massive cyber assault. The criminals, who call themselves REvil, claimed credit for the disruptions. While the route of entry remains unknown, experts have speculated that a Microsoft Exchange vulnerability might be to blame.

REvil demanded $50 million to release the locked data, more than any previous ransom in the history of cybercrime. To prove their involvement in the assault, the group posted pictures of sensitive files online.

Remarkably, Acer suffered two additional attacks towards the end of 2021. This constant barrage of malicious malware shows just how large the cybersecurity threat has become for companies in the manufacturing sector.

How to Defend against Ransomware

Defending against cyberattacks requires a proactive approach. Once hackers or malicious software have infiltrated your system and encrypted your data, there’s nothing more you can do. By adopting a sound cybersecurity policy, you can thwart attacks before they cause any damage.

You should build your security approach around three main tactics:

  • Email security
  • Data backups
  • Best practices for user behavior

When you keep your data and emails secure while training employees to avoid falling for scams, you give your company the protection it needs.

Consider a Multi-Layered Approach for Email Security

Many cyberattacks originate with a malicious message, meaning email security should be the focal point of any digital security campaign. Criminals are getting increasingly clever, and phishing campaigns will hit your employees with messages that seem genuine. Combating this threat requires a multi-layered approach.

First of all, you should train all your employees to look for suspicious emails. Then, you should use a machine-learning platform to track user behavior and identify potential threats. With these two strategies operating simultaneously, you should block most phishing emails before they bring disaster to your company.

Ensure Effective Backups

When a criminal organization locks a company’s data, the sudden inability to operate is often the most devastating result. Without access to vital information, your factories would likely halt production. Luckily, you can avert this catastrophe by backing up your essential data. That way, you’ll be able to continue with normal operations after suffering infiltration.

Look for backup options that continuously store your data so that everything stashed away will be up to date. Your backups should also be present and reliable, ensuring you can reach the data immediately after your primary systems have been breached.

Establish Best Practices for User Behavior

Users can represent a vulnerable point in any security scheme. Simple human error is responsible for a disproportionate number of cyberattacks. While you can’t eliminate this risk altogether, you can improve your odds by developing a strong set of policies and training your workers to follow them.

Employees should know how to recognize potential phishing emails, and there should be clear policies in place for reporting suspicious messages. Everyone within the organization needs to take an active role in cyberattack prevention. With continuous training and company-wide commitment to the cause, you can seriously decrease the chances of a debilitating infiltration.


A wide attack surface area with inherent vulnerabilities has made the manufacturing industry a principal target for cyberattacks. Companies as large as Visser Precision and Acer have had their data locked and encrypted by ransomware groups. Once you’ve recognized the scope of the problem, the next step is to act.

You can protect your company from cybercrime with a proactive approach that focuses on prevention. Email security, data backups, and employee training won’t erase the threat, but they’ll certainly increase your chances of avoiding disaster. When the stakes are so high, you have to give yourself every possible advantage.

To find out more about how you can protect your organization against ransomware attacks, download for free The Clear & Complete Guide to Smarter Email Security:


Similar posts

Get curated and relevant updates once per month

Once per month, we’re sharing the latest security insights from our team in a curated, 5-minutes-to-read email newsletter. We strive to inform you with fresh, relevant, and objective updates on what’s happening around you.